Q. EFS certificate always tries to enroll the Basic EFS template?

When requesting a certificate on first use, EFS requests the Basic EFS template, or it uses auto-enrollment. When no certificates exist on the client computer, the version 1 template of the Basic EFS is used.

When configuring a version 2 template of the Basic EFS for enhanced configuration options, and you want users to automatically obtain the EFS certificate, you must use auto-enrollment.

NOTE:EFS does not know if there is the version 2 template on first use because the version 2 template has a different name.

NOTE: When you manually request a certificate in the MMC (Microsoft Management Console), the EFS certificate works with both versions of the template.